With a New year (2021), I’m here to provide a single blog post for Azure updates on the previous month. In this blog, we will be covering up December month updates from Azure. Each update on this blog is not an exhaustive list of all the monthly updates. I want to call out the most specific updates from Infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorized the updates based on high- level sections.
Azure Compute
Support of Azure Container Registry across Availability Zones
Availability Zone support is in addition to Azure Container Registry Geo-replication support, providing high-availability and reliability across and within Azure regions.
Enable zone redundancy in Azure Container Registry for resiliency and high availability. In addition to geo-replication, which replicates registry data across one or more Azure regions to provide availability and reduce latency for regional operations, Azure Container Registry supports optional zone redundancy. Zone redundancy provides resiliency and high availability to a registry or replication resource (replica) in a specific region.
Zone redundancy is a preview feature of the Premium container registry service tier.
Automatic VM placement and Azure Virtual Machine Scale Sets available on Dedicated Host
With this option, we can simplify the deployment and increase the scalability of your Azure Dedicated Hosts environments:
- Customer can accelerate the deployment of Azure VMs in Dedicated Hosts by letting the platform select the host group to which the VM will be deployed.
- Customer can also use Virtual Machine Scale Sets in conjunction with Dedicated Hosts. This new capability allows IT organizations to use scale sets across multiple dedicated hosts part of a dedicated hosts group.
These new capabilities will let you more easily manage applications running on dedicated hosts at scale.
Known issues and limitations when using automatic VM placement:
- You will not be able to apply Azure Hybrid Benefits on your dedicated hosts.
- You will not be able to redeploy your VM.
Azure Storage
Azure Storage account recovery available via portal is now generally available
Azure Storage uses a storage account to contain all of your Azure Storage data including: blobs, files, tables, queues, and disks. Accidentally deleting a storage account deletes all data in the account and previously could not be recovered. To recover a storage account, the following conditions must be true:
- The storage account was deleted within the past 14 days.
- The storage account was created with the Azure Resource Manager deployment model.
- A new storage account with the same name has not been created since the original account was deleted.
Azure infrastructure encryption (double encryption) is now provided for Azure storage
Customers who require high levels of assurance that their data is secure can also enable 256-bit AES encryption at the Azure Storage infrastructure level. When infrastructure encryption is enabled, data in a storage account is encrypted twice — once at the service level and once at the infrastructure level — with two different encryption algorithms and two different keys. Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised. In this scenario, the additional layer of encryption continues to protect your data.
Service-level encryption supports the use of either Microsoft-managed keys or customer-managed keys with Azure Key Vault. Infrastructure-level encryption relies on Microsoft-managed keys and always uses a separate key.
Azure Storage blob inventory public preview
The Azure Storage blob inventory feature provides an overview of your blob data within a storage account. Use the inventory report to understand your total data size, age, encryption status, and so on. The report provides an overview of your data for business and compliance requirements. Once enabled, an inventory report is automatically created daily.
The Azure Storage blob inventory feature provides an overview of your blob data within a storage account. Use the inventory report to understand your total data size, age, encryption status, and so on. Enable blob inventory reports by adding a policy to your storage account. Add, edit, or remove a policy by using the Azure portal. Once enabled, an inventory report is automatically created daily.
If you enable firewall rules for your storage account, inventory requests may be blocked. You can unblock these requests by providing exceptions for trusted Microsoft services.
Azure Networking & Security
Azure Security Center—News and updates for December 2020
- The following updates and enhancements were made to Azure Security Center:
- Global Administrators can now grant themselves tenant-level permissions
- Two new Azure Defender plans: Azure Defender for DNS and Azure Defender for Resource Manager (in preview)
- New security alerts page in the Azure portal (preview)
- Asset inventory tools and filters updated
- Recommendation about web apps requesting SSL certificates no longer part of secure score
- Recommendations page has new filters for environment, severity, and available responses
- Continuous export gets new data types and improved deployifnotexist policies
- Azure Defender for SQL Severs on machines is generally available.
Other Azure Services
Azure Monitor for Windows Virtual Desktop in public preview
Azure Monitor for Windows Virtual Desktop (preview) is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Windows Virtual Desktop environments. Azure Monitor for Windows Virtual Desktop provides a centralized view with all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. With Azure Monitor for Windows Virtual Desktop, customer can:
- View a summary of host pool status and health
- Find and troubleshoot problems in the deployment
- Understand and address user feedback
- Understand utilization of resources and make decisions on scaling and cost management
Thanks for your time, and I hope you had some quick preview of list updates from December month.
Santhosh has over 15 years of experience in the IT organization. Working as a Cloud Infrastructure Architect and has a wide range of expertise in Microsoft technologies, with a specialization in public & private cloud services for enterprise customers. My varied background includes work in cloud computing, virtualization, storage, networks, automation and DevOps.
